Microsoft has alerted users about a significant malvertising campaign targeting cryptocurrency traders. The campaign entices users to download fake trading tool installers that contain Node.js-based malware, which collects sensitive data while evading detection. Microsoft recommends monitoring for suspicious script activity, enabling endpoint protection, and restricting outbound communications to protect against this threat.
Microsoft Threat Intelligence has issued a warning regarding an ongoing “malvertising” campaign aimed at cryptocurrency traders. This campaign, initiated earlier this month, employs fake advertisements to entice users into downloading malicious installers disguised as legitimate trading tools from reputable platforms including Binance and TradingView.
The malware, based on Node.js, is embedded within the trojanized installers and begins infecting the system as soon as the package runs. Its capabilities include gathering sensitive information about the victim’s computer and establishing a scheduled task that conceals its presence from anti-virus programs, ensuring the malware persists on the device.
Meanwhile, the victim is shown what appears to be a credible cryptocurrency trading site, which serves as a decoy. The malware collects extensive data such as installed programs, BIOS version, regional settings, and network adapter details, potentially facilitating tailored follow-on attacks against specific users.
To mitigate the risks associated with this malicious campaign, individuals are advised to watch for unusual script activity, activate endpoint protection, and limit outbound data transfers. Microsoft emphasized the importance of educating users about the dangers of downloading software from unverified sources, and of monitoring and regulating Node.js execution to lessen the threat of such attacks.
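As an added illustration of the last two recommendations (watching for unusual script activity and regulating Node.js execution), the Python script below is not Microsoft's code and is not part of the advisory. It checks constructed process-creation and scheduled-task records, written in a simple key=value form that is an assumption for this example rather than any real telemetry format, against an assumed baseline of trusted node.exe install directories and expected parent processes, and flags launches that fall outside that baseline, including scheduled tasks that run node.exe or a .js file from user-writable directories. The file names in the sample records are constructed placeholders.

```python
"""Baseline-deviation checks for Node.js execution on Windows hosts.

Added example, not Microsoft's code. Record format, field names, the
trusted directories and the expected-parent list are all assumptions
that an administrator would replace with their own software inventory.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Directories from which node.exe is expected to run (assumed baseline, lowercase).
TRUSTED_NODE_DIRS = (
    "c:\\program files\\nodejs\\",
    "c:\\program files (x86)\\nodejs\\",
)

# Parent processes that commonly spawn node.exe on a developer workstation (assumed).
EXPECTED_PARENTS = {"code.exe", "cmd.exe", "powershell.exe", "explorer.exe"}

# Path fragments that mark user-writable locations where persistence often lands.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# Constructed sample records: a benign node launch, a suspicious one spawned by an
# installer from a user profile, a scheduled task pointing at that same copy, and
# two benign tasks. None of this is real telemetry.
SAMPLE_LOG = [
    r'type="process" image="C:\Program Files\nodejs\node.exe" parentimage="C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe" commandline="node server.js"',
    r'type="process" image="C:\Users\alice\AppData\Roaming\TradingApp\node.exe" parentimage="C:\Users\alice\Downloads\TradingApp-Setup.exe" commandline="node.exe init.js"',
    r'type="schtask" taskname="TradingAppUpdate" action="C:\Users\alice\AppData\Roaming\TradingApp\node.exe C:\Users\alice\AppData\Roaming\TradingApp\update.js"',
    r'type="schtask" taskname="NightlyBuild" action="C:\Program Files\nodejs\node.exe C:\build\nightly.js"',
    r'type="schtask" taskname="Backup" action="C:\Windows\System32\robocopy.exe D:\data E:\backup"',
]

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


@dataclass
class Finding:
    record_id: int   # 1-based index of the record in the input
    reason: str


def parse_record(line: str) -> dict[str, str]:
    """Turn one key="value" record into a dict with lowercase keys."""
    return {k.lower(): v for k, v in FIELD_RE.findall(line)}


def basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def check_process(rec: dict[str, str]) -> list[str]:
    """Flag node.exe launches outside the trusted dirs or from unexpected parents."""
    image = rec.get("image", "")
    if basename(image) != "node.exe":
        return []
    reasons = []
    if not image.lower().startswith(TRUSTED_NODE_DIRS):
        reasons.append(f"node.exe launched from untrusted path: {image}")
    parent = basename(rec.get("parentimage", ""))
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"node.exe spawned by unexpected parent: {parent or 'unknown'}")
    return reasons


def check_task(rec: dict[str, str]) -> list[str]:
    """Flag scheduled tasks that run node.exe or a .js file from user-writable paths."""
    action = rec.get("action", "").lower()
    reasons = []
    m = re.match(r"(.*?node\.exe)", action)
    if m and not m.group(1).lstrip('"').startswith(TRUSTED_NODE_DIRS):
        reasons.append(f"task {rec.get('taskname', '?')} runs node.exe from untrusted path")
    if re.search(r"\.js\b", action) and any(mark in action for mark in USER_WRITABLE_MARKERS):
        reasons.append(f"task {rec.get('taskname', '?')} runs a .js file from a user-writable directory")
    return reasons


def scan(lines: list[str]) -> list[Finding]:
    """Run every record through the matching check and collect findings."""
    findings: list[Finding] = []
    for idx, line in enumerate(lines, start=1):
        rec = parse_record(line)
        if rec.get("type") == "process":
            reasons = check_process(rec)
        elif rec.get("type") == "schtask":
            reasons = check_task(rec)
        else:
            reasons = []
        findings.extend(Finding(idx, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"record {f.record_id}: {f.reason}")
```

Records 1, 4 and 5 produce no findings because node.exe runs from its expected install directory under a known parent, or the task does not involve Node.js at all; records 2 and 3 each produce two findings. The value of the check is the baseline, not the heuristics: an organisation that allow-lists where node.exe may live and which parents may launch it turns the advisory's "monitor and regulate Node.js execution" into a concrete, low-noise alert.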